Mitigating network intrusion risks: Best practices for colocation & hyperscale data centers

Data centers have robust cybersecurity infrastructure to defend against risks such as network intrusion. However, increasing demand for cloud-connected applications and connectivity has added vulnerabilities that bad actors can exploit for network intrusion, adding pressure on colocation operators and hyperscalers to tighten their defenses.

Network intrusion occurs in various ways, including misconfigured firewalls. If a firewall protecting a customer’s application isn’t restrictive enough, it may create a vulnerability that bad actors may exploit. Other vulnerabilities include compromised credentials, ransomware, and social engineering methods such as phishing.

Network intrusions can cost millions of dollars in data theft, harm systems, and damage the reputation of data center operators. The average cost of a data breach was about $4.9 million in 2024.


Defending a wider attack surface from network intrusions

Colocation operators and hyperscalers invest substantially in cybersecurity to minimize intrusion risks. However, the rush to add data center capacity for AI may open unintentional security gaps like firewall misconfigurations. Mergers and acquisitions between operators can also cause problems, with a data center operator possibly inheriting a facility maintained to a different standard.

Changes to data center infrastructure in recent years also have added risk. Consider the gray space in data centers that houses electrical systems, HVAC, and backup power. Historically, the hardware and systems in this space were not connected to the internet, but that has changed as much of the equipment gets linked to cloud platforms.

The same goes for remote connectivity. Over the past decade, a growing trend toward remotely monitoring and managing equipment has created opportunities for malicious actors when the remote connections aren’t properly secured. The connections are used for troubleshooting, system reboots, and all manner of updates, from firmware to applications to cybersecurity tools. If customers implement remote connectivity through popular tools such as Zoom, Teams, or Google Meet, they may open the door to network intrusion. The use of Secure Remote Access (SRA) minimizes risk, with data being shared through secure video streams and sanitized input. Everything in an SRA session is auditable, so root causes can be identified if anything goes wrong.

Evolving technology and a wider attack surface have opened data center operators to new threats. With the growing possibility of a network intrusion attack, here are some steps to mitigate that risk.

Leverage Role-based Access Controls (RBACs)

Preventing incursions into data center infrastructure requires a multilayered approach, which must consider the human factor. Bad actors commonly use phishing and other social engineering methods. Colocation providers and hyperscalers are typically vigilant in focusing on human error, but it only takes one person to fall victim to a phishing attempt for a breach to happen.

Data center operators should always apply least privilege rules, giving employees access only to the systems and data they need. A call center representative, for instance, shouldn’t have access to Supervisory Control and Data Acquisition (SCADA) systems and file shares. Operators should also consider applying the Purdue model, which segments data systems and isolates critical components to minimize risk.
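As an added illustration (not code from this article or from Schneider Electric), the sketch below audits firewall allow rules against Purdue-style zones and flags the kinds of misconfiguration discussed above. The zone names, level assignments and sample rules are constructed, and the rule that IT and OT zones may only meet in the DMZ is the assumed segmentation policy.

```python
from dataclasses import dataclass

# Constructed zone map. Purdue levels: 0-2 process/control/supervisory,
# 3 site operations, 3.5 industrial DMZ, 4-5 enterprise IT and beyond.
ZONES = {
    "bms-controllers": 1,   # gray-space HVAC / power controllers
    "scada": 2,
    "ot-operations": 3,
    "dmz": 3.5,
    "corp-it": 4,
    "call-center": 4,
    "internet": 5,
}
DMZ_LEVEL = 3.5

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    port: str  # "any" means every port is allowed

def audit(rules):
    """Return (rule name, finding) pairs for allow rules that weaken segmentation."""
    findings = []
    for r in rules:
        if "any" in (r.src, r.dst):
            findings.append((r.name, "wildcard zone"))
            continue
        s, d = ZONES.get(r.src), ZONES.get(r.dst)
        if s is None or d is None:
            findings.append((r.name, "unknown zone"))
        # Assumed policy: IT (above the DMZ) and OT (below it) never talk directly.
        elif (s > DMZ_LEVEL) != (d > DMZ_LEVEL) and DMZ_LEVEL not in (s, d):
            findings.append((r.name, "IT/OT flow bypasses DMZ"))
        elif r.port == "any":
            findings.append((r.name, "all ports open"))
    return findings

# Constructed sample rule set.
SAMPLE_RULES = [
    Rule("historian-replica", "ot-operations", "dmz", "443"),
    Rule("helpdesk-to-hmi", "call-center", "scada", "3389"),
    Rule("vendor-cloud", "bms-controllers", "internet", "443"),
    Rule("jump-host", "corp-it", "dmz", "any"),
    Rule("legacy", "any", "scada", "502"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Running the same check in a change-review pipeline catches a permissive rule before it is deployed rather than after an incident.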

Access cybersecurity experts

Another approach to mitigating risk is to consult cybersecurity experts who can assess security measures and identify potential vulnerabilities. Engaging professionals with expertise in data center security can help organizations develop and implement effective security strategies. This includes guidance on employee awareness training, cybersecurity tools, processes, and industry standards.

Adhering to industry standards is critical. Colocation providers and hyperscalers may require compliance with global security standards such as IEC/ISA 62443, which apply to industrial automation and control systems for segmentation tools and monitoring, management, and access purposes. That’s why choosing a cybersecurity partner such as Schneider Electric is important, as it helps data center operators comply with these standards.

Resources to manage cybersecurity risks

Network intrusion is a common risk for colocations and hyperscalers, continually evolving in complexity. Ongoing adaptation and proactive security measures are essential to mitigate this threat effectively. Between certifying our products to strict industry standards and consulting with customers through highly skilled cybersecurity teams, Schneider Electric helps hyperscaler and colocation partners defend against network intrusion and other cybersecurity risks. Visit our cybersecurity services site to learn more. In addition, download this white paper on Network Intrusion Detection Systems for Critical Infrastructure for a comprehensive overview on how a network intrusion detection system can provide an additional layer of depth of security.
